@eka-care/medassist-widget
MedAssist Widget react application
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | encoded-string-file:dist/medassist-widget.js | AI (source-diff): Long strings are minified bundle output from remark/rehype/React deps, not obfuscation. Stable pattern for this bundled widget. | ai | |
| phantom-deps | phantom-dep:react-dom | AI (phantom-deps): Same as react — build-time bundled dep. | ai | |
| phantom-deps | phantom-dep:clsx | AI (phantom-deps): Build-time bundled dep in Vite widget. | ai | |
| phantom-deps | phantom-dep:zustand | AI (phantom-deps): Build-time bundled dep in Vite widget. | ai | |
| phantom-deps | phantom-dep:html2canvas | AI (phantom-deps): Build-time bundled dep in Vite widget. | ai | |
| phantom-deps | phantom-dep:lucide-react | AI (phantom-deps): Build-time bundled dep in Vite widget. | ai | |
| phantom-deps | phantom-dep:react-markdown | AI (phantom-deps): Build-time bundled dep in Vite widget. | ai | |
| phantom-deps | phantom-dep:tailwind-merge | AI (phantom-deps): Build-time bundled dep in Vite widget. | ai | |
| phantom-deps | phantom-dep:react | AI (phantom-deps): Bundled Vite/React widget; deps resolved at build time, not via Node imports. | ai | |
| phantom-deps | phantom-dep:@radix-ui/react-slot | AI (phantom-deps): Build-time bundled dep in Vite widget. | ai | |
| phantom-deps | phantom-dep:@radix-ui/react-avatar | AI (phantom-deps): Build-time bundled dep in Vite widget. | ai | |
| phantom-deps | phantom-dep:@eka-care/medassist-core | AI (phantom-deps): Same-org dep bundled at build time. | ai | |
| phantom-deps | phantom-dep:@radix-ui/react-checkbox | AI (phantom-deps): Build-time bundled dep in Vite widget. | ai | |
| phantom-deps | phantom-dep:class-variance-authority | AI (phantom-deps): Build-time bundled dep in Vite widget. | ai | |
| phantom-deps | phantom-dep:@radix-ui/react-scroll-area | AI (phantom-deps): Build-time bundled dep in Vite widget. | ai | |
| phantom-deps | phantom-dep:@types/html2canvas | AI (phantom-deps): Type-only dep, not imported at runtime. | ai | |
| phantom-deps | phantom-dep:tailwindcss-animate | AI (phantom-deps): Build-time bundled dep in Vite widget. | ai |
Versions (showing 51 of 63)
| Version | Deps | Published |
|---|---|---|
| 0.1.71 | 16 / 15 | |
| 0.1.70 | 16 / 15 | |
| 0.1.69 | 16 / 15 | |
| 0.1.68 | 16 / 15 | |
| 0.1.67 | 16 / 15 | |
| 0.1.66 | 16 / 15 | |
| 0.1.65 | 16 / 15 | |
| 0.1.64 | 16 / 15 | |
| 0.1.63 | 16 / 15 | |
| 0.1.62 | 16 / 15 | |
| 0.1.61 | 16 / 15 | |
| 0.1.60 | 16 / 15 | |
| 0.1.59 | 16 / 15 | |
| 0.1.58 | 16 / 15 | |
| 0.1.57 | 16 / 15 | |
| 0.1.53 | 16 / 15 | |
| 0.1.50 | 16 / 15 | |
| 0.1.49 | 16 / 15 | |
| 0.1.46 | 16 / 15 | |
| 0.1.45 | 16 / 15 | |
| 0.1.44 | 16 / 15 | |
| 0.1.43 | 16 / 15 | |
| 0.1.42 | 16 / 15 | |
| 0.1.40 | 16 / 15 | |
| 0.1.37 | 16 / 15 | |
| 0.1.34 | 16 / 15 | |
| 0.1.30 | 16 / 15 | |
| 0.1.25 | 16 / 15 | |
| 0.1.22 | 16 / 15 | |
| 0.1.20 | 16 / 15 | |
| 0.1.19 | 16 / 15 | |
| 0.1.18 | 16 / 15 | |
| 0.1.17 | 16 / 15 | |
| 0.1.14 | 16 / 15 | |
| 0.1.12 | 16 / 15 | |
| 0.1.11 | 16 / 15 | |
| 0.1.9 | 16 / 15 | |
| 0.1.4 | 16 / 15 | |
| 0.0.99 | 16 / 15 | |
| 0.0.98 | 16 / 15 | |
| 0.0.90 | 16 / 15 | |
| 0.0.80 | 14 / 15 | |
| 0.0.76 | 14 / 15 | |
| 0.0.67 | 14 / 15 | |
| 0.0.66 | 14 / 15 | |
| 0.0.64 | 14 / 15 | |
| 0.0.57 | 14 / 15 | |
| 0.0.52 | 14 / 15 | |
| 0.0.50 | 14 / 15 | |
| 0.0.44 | 14 / 15 | |
| 0.0.43 | 14 / 15 |
v0.1.71
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.70
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.69
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.68
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.67
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.66
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.65
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.64
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.63
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.62
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.61
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.60
2 findingsModified file contains 2 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.59
2 findingsModified file contains 2 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.58
2 findingsModified file contains 2 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.57
2 findingsModified file contains 2 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.53
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.50
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.49
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.46
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.45
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.44
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.43
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.42
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.40
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.37
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.34
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.30
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.25
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.22
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.20
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.19
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.18
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.17
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.14
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.12
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.11
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.9
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.99
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.98
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.90
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.80
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.76
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.67
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.66
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.64
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.57
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.52
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.50
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.44
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.43
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.